If you want to deal with functional safety, you need the “RM Pro” edition ( not RM, not FMEA, not “FMEA Pro” ).

The full variety of possible faults can only be covered with a tool that makes use of the VDA ( VDA “Band 4” ) approach.

With self-made spreadsheet FMEAs, the experts only name faults they already know.

With self-made spreadsheet solutions you run into technical problems when the human analyst detects that an analysis structure already used at another point of the analysis tree / analysis chain could be reused as a duplicate.

In a process to develop an application with safety-relevant functions for the automotive industry, these stakeholders must be involved:

TÜV.

The customer ( e.g. ZF, Bosch ).

The MCU manufacturer ( e.g. Renesas Interactive ).

The software developers of the application.

Maybe Japanese designers of the MCU manufacturer.

The design and development process of both hardware ( MCU, board, ... ) and software ( compiler, application code ) must be of superior quality and must be verifiable, according to IEC 61508 ( EN.Wikipedia "IEC 61508", DE.Wikipedia "IEC 61508" ).

Google search for "Homogeneous Redundancy" - same devices, same model, same software, but “more safe” due to high-quality development and production processes. Through this, the parallel operation of such devices is suitable to achieve SIL3.

exida "Safety Equipment Reliability Handbook" - “The SERH provides a collection of failure rate data that is applicable for use in Safety Instrumented System (SIS) conceptual design verification in the process industry”, “The book set is a hard copy of exida’s SERH database that contains a vast amount of equipment item reliability data”.

Experts suggested configuring the input points of safe Rockwell PLCs as “Single Safety Input” ( and not “Equivalent” and not “Complementary” ).

The test of whether the input points are antivalent or equivalent should be done in the PLC software instead of in the hardware.

The discrepancy timeout should likewise be handled in the PLC software instead of in the hardware.
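The three points above (single-channel input points, the equivalence / antivalence check and the discrepancy timeout in PLC software) as an added Python simulation of that monitoring logic; this is neither Rockwell code nor the author's, and the normally-open / normally-closed wiring convention, the scan-time handling and the latch-until-reset behaviour are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    EQUIVALENT = "equivalent"  # both channels must carry the same state
    ANTIVALENT = "antivalent"  # channels must carry opposite states


@dataclass
class DiscrepancyMonitor:
    """Dual-channel input check with discrepancy timeout, done in PLC software.

    Assumed convention (not from the page): channel A is normally-open, so
    True means 'active'; in ANTIVALENT mode channel B is wired normally-closed.
    A discrepancy outlasting timeout_ms latches a fault until reset() succeeds.
    """
    mode: Mode
    timeout_ms: int
    faulted: bool = field(default=False, init=False)
    discrepancy_ms: int = field(default=0, init=False)

    def channels_agree(self, ch_a: bool, ch_b: bool) -> bool:
        if self.mode is Mode.EQUIVALENT:
            return ch_a == ch_b
        return ch_a != ch_b

    def scan(self, ch_a: bool, ch_b: bool, dt_ms: int) -> bool:
        """One PLC scan of dt_ms; returns the validated (safe) input state."""
        if self.faulted:
            return False                 # latched: stay in the safe state
        if self.channels_agree(ch_a, ch_b):
            self.discrepancy_ms = 0      # consistent again: drop the timer
            return ch_a                  # channel A carries the 'active' meaning
        self.discrepancy_ms += dt_ms     # channels disagree: run the timer
        if self.discrepancy_ms > self.timeout_ms:
            self.faulted = True          # discrepancy outlasted the timeout
        return False                     # never trust a disagreeing pair

    def reset(self, ch_a: bool, ch_b: bool) -> bool:
        """Clear a latched fault; only accepted once the channels agree again."""
        if not self.channels_agree(ch_a, ch_b):
            return False
        self.faulted = False
        self.discrepancy_ms = 0
        return True


def run_scenario(monitor: DiscrepancyMonitor, samples, dt_ms: int = 100):
    """Feed constructed (ch_a, ch_b) samples scan by scan; return the outputs."""
    return [monitor.scan(a, b, dt_ms) for a, b in samples]
```

Because the timer runs in software, the tolerated discrepancy time is a plain parameter of the program rather than a fixed property of the input hardware.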

Experts told me that if you modify an old machine in Germany, there is no need for CE conformity, but the machine must conform to the German Operational Safety Ordinance ( “Betriebssicherheitsverordnung” ).